overlay

AppWizard
July 23, 2025
Security researchers at Trustwave SpiderLabs have identified a complex cluster of Android malware that combines click fraud, credential theft, and brand impersonation. This malware exploits the Android Package Kit (APK) file format to distribute malicious applications, often through phishing messages or deceptive websites. Users are tricked into installing these APKs, which are disguised as reputable brands or promotional apps. Once installed, the malware takes advantage of Android's permission model to access sensitive resources, primarily for click fraud and traffic redirection to generate illicit revenue. Some variants engage in data collection and credential harvesting, employing advanced evasion tactics to avoid detection, such as using counterfeit Chrome applications and overlay screens. A notable variant includes a spoofed Facebook app that mimics the official interface and connects to a remote command-and-control server for instructions. The malware uses encryption and encoding to secure data exchanges and employs open-source tools to bypass Android's signature verification. Evidence suggests that the operators may be Chinese-speaking, as indicated by the use of Simplified Chinese in the code and the promotion of related APK campaigns on Chinese-speaking underground forums.
AppWizard
July 21, 2025
The Gemini overlay on Android has been updated to include a new shortcut that allows users to quickly open the full Gemini app via a drag handle at the top of the overlay. This feature provides access to chat history, Gems, and settings. The updated prompt bar offers seamless access to features like Video, Deep Research, and Canvas chips, while the design of the 'plus' menu has been refreshed. The overlay shortcut is being rolled out with versions 16.27 (stable) and 16.28 (beta) of the Google app, and users may need to force stop the app to activate it. Additionally, the overlay now supports right-alignment on tablets and foldables.
AppWizard
July 12, 2025
A new tapjacking technique called TapTrap can exploit user interface animations on Android devices, bypassing the permission system and potentially allowing access to sensitive data or harmful actions. TapTrap operates with zero-permission applications, layering a transparent activity over a malicious one. This vulnerability exists in both Android 15 and 16. Developed by researchers from TU Wien and the University of Bayreuth, TapTrap manipulates activity transitions using custom low-opacity animations, making risky prompts nearly invisible to users. An analysis of nearly 100,000 apps revealed that 76% are vulnerable to TapTrap due to specific conditions related to activity launching and animation handling. The attack has been confirmed on Android 16, including tests on a Google Pixel 8a. GrapheneOS has acknowledged its vulnerability to TapTrap and plans to include a fix in its next release. Google is aware of the issue and intends to address it in a future update.
Winsage
July 10, 2025
Microsoft is preparing to release a significant update for Windows 11, designated as 25H2, which will include a new feature that allows users to easily remove unwanted Microsoft applications through a group policy. This update aims to enhance system performance by reducing clutter. Users will be able to remove applications such as Feedback Hub, Microsoft 365 Copilot, Microsoft Teams, and others without needing external tools or complex commands. The feature is expected to debut with the Windows 11 25H2 update, and currently, select users can test it in preview builds. It will allow the removal of standard Microsoft Store packages but will not extend to third-party software. There is uncertainty about whether this feature will be available to Windows 11 Home users or limited to the Pro version.
AppWizard
July 9, 2025
A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.
AppWizard
July 9, 2025
A technique for Android devices called TapTrap allows malicious applications to intercept user taps without requiring special permissions. It uses transparent screen transitions to mislead users into triggering hidden actions. Devices running Android versions 15 and 16 are particularly vulnerable. TapTrap operates by overlaying a nearly transparent screen on top of another application, making it appear as if users are interacting with one app while their taps are registered by the hidden screen. A study of around 100,000 Android applications revealed that approximately 76 percent contained screens vulnerable to TapTrap. The researchers successfully executed the attack on a Google Pixel 8a running Android 16. Google has acknowledged the issue and plans to include a fix in a future software update, but no specific timeline has been provided. Users can enhance their security by disabling animations in their system settings.
AppWizard
July 9, 2025
The Anatsa banking trojan has reappeared on Google Play as a PDF viewer app, accumulating over 50,000 downloads. It activates upon installation, targeting North American banking applications by presenting an overlay that allows unauthorized access, keylogging, and transaction automation. Researchers from ThreatFabric discovered that the app displays a fake notification about banking system maintenance to mask its activities. Anatsa has a history of infiltrating Google Play through various trojanized applications, with previous campaigns resulting in 300,000 downloads in November 2021, 30,000 in June 2023, and 150,000 in February 2024. In May 2024, Zscaler reported two new Anatsa applications on Google Play, achieving 70,000 downloads. The specific app identified is ‘Document Viewer – File Reader,’ published by ‘Hybrid Cars Simulator, Drift & Racing,’ which maintains a “clean” appearance until it builds a user base, after which malicious code is introduced via an update. Anatsa connects to a command-and-control server to monitor targeted applications. Google has removed the malicious app, advising users to uninstall it, scan their devices, and reset banking credentials. Users are encouraged to download apps only from reputable publishers and be cautious with permissions and reviews. Google Play Protect automatically protects users from known malicious apps.
Winsage
July 7, 2025
The upcoming Windows 11 25H2 update will introduce a new policy called Remove Default Microsoft Store Packages, which allows administrators to remove unwanted Microsoft applications in a single action through Group Policy. This feature aims to simplify the process of debloating Windows 11, which has historically been cumbersome. The setting is located under Computer Configuration > Administrative Templates > Windows Components > App Package Deployment. The policy currently supports the removal of various Microsoft applications but does not extend to third-party software. While initial tests show the policy functions as intended, further refinement is needed to address issues like orphaned shortcuts. This feature will not be available to Windows 11 Home users.
AppWizard
July 4, 2025
Idle games are designed for those working from home, allowing for minimal interaction and automated progress. They provide engaging yet low-maintenance entertainment, often developed by indie creators. Examples include:
- Rusty's Retirement: A farm simulation where players set up their farm while automated assistants manage daily tasks.
- Cauldron: An idle game featuring turn-based battles and resource gathering from five mini-games for upgrades.
- Cast n Chill: A fishing game that allows players to actively fish or switch to an idle mode for automated fishing.
- Bao Bao's Cozy Laundromat: Players manage a laundromat for pandas, with a focus timer to maintain productivity while engaging in gameplay.
These games offer non-intrusive experiences, allowing players to check in at their convenience without the pressure of failure.